Data breach

Published by:
Digital Trust Center

Does your company or organisation handle sensitive, protected, or confidential data, for instance customers' personal details? Be careful that the information does not fall into the hands of third parties. If sensitive data is copied, sent, viewed, stolen, or used by a person who does not have permission to do so, you are dealing with a data breach. Learn how to recognise and prevent a data breach in your company.

How does a data breach arise?

A data breach can occur as a result of a security vulnerability. This allows cybercriminals to gain access to computer files containing personal data, financial information, or trade secrets. Other examples of ways in which personal data inadvertently ends up in the hands of others include:

  • A business email sent to a wrong address;
  • Business laptops and USB sticks that are stolen or lost;
  • Discarded business computers, smartphones and tablets that are resold without being wiped clean.

Handling sensitive data

Many data breaches also arise because internal employees handle sensitive data carelessly, or because they are not aware that the information may be of interest to a third party. It is not possible to protect all information within your organisation. Make an inventory of sensitive information and handle it with care. Handling with care means, for example, not sharing the information with everyone in the organisation, and training the people who work with the data. When an employee is aware of the type of information they are working with and why it is important to handle it carefully, they are less likely to make mistakes or handle the data carelessly.

The GDPR

A data breach may also be a violation of the General Data Protection Regulation (GDPR). If it is, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, DPA) can impose a fine on your company or organisation.

How do I recognise a data breach?

You may not be aware that you have a data breach. Look out for these signals. If you come across them, you may have fallen victim to a data breach.

Common suspicious activities are:

  • login attempts from unknown sources or at odd times
  • strange file alterations
  • sudden appearances of unknown files
  • loss of documents containing sensitive information
  • files deleted by someone who is not authorised
  • odd file or system management activities
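
One way to check for the first signal in the list above, login attempts from unknown sources or at odd times. This is an added example, not part of the original article: the log layout, the office networks and the working hours are assumptions, and the log lines are constructed.

```python
from datetime import datetime, time
from ipaddress import ip_address, ip_network

# Assumptions for this example (not from the article): the office networks,
# the working hours and the log line layout below are all constructed.
KNOWN_NETWORKS = [ip_network("192.0.2.0/24"), ip_network("198.51.100.0/24")]
WORK_START, WORK_END = time(7, 0), time(19, 0)

# Constructed sample: timestamp, user, source IP, result.
SAMPLE_LOG = """\
2024-03-04T09:12:44 anna 192.0.2.15 success
2024-03-04T23:41:02 anna 192.0.2.15 success
2024-03-05T10:03:27 bram 203.0.113.77 failure
2024-03-05T10:03:31 bram 203.0.113.77 failure
2024-03-05T02:15:09 carla 203.0.113.9 success
not a valid line
"""

def review_logins(log_text):
    """Return (findings, skipped): flagged login events and unparseable lines."""
    findings, skipped = [], []
    for line in log_text.splitlines():
        parts = line.split()
        try:
            stamp, user, source, result = parts
            when = datetime.fromisoformat(stamp)
            addr = ip_address(source)
        except ValueError:
            skipped.append(line)  # keep malformed lines for manual review
            continue
        reasons = []
        if not any(addr in net for net in KNOWN_NETWORKS):
            reasons.append("unknown source")
        if not (WORK_START <= when.time() < WORK_END):
            reasons.append("odd time")
        if reasons:
            findings.append((user, source, stamp, result, reasons))
    return findings, skipped

if __name__ == "__main__":
    flagged, unparsed = review_logins(SAMPLE_LOG)
    for user, source, stamp, result, reasons in flagged:
        print(f"{stamp} {user} from {source} ({result}): {', '.join(reasons)}")
    print(f"{len(unparsed)} line(s) could not be parsed")
```

A successful login that is flagged for both reasons deserves the first look, and lines that cannot be parsed are kept for manual review instead of being dropped.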

Tips to prevent a data breach

Naturally, you do not want your sensitive, protected, or confidential company data to be exposed. Keep company information safe and prevent it from being viewed or made public. The greater the awareness and the stricter the measures, the better. That way, if equipment is stolen or lost, the risk of business loss or a data breach is reduced. Here are some tips for preventing a data breach:

Do not collect (sensitive) information that you do not need

Collecting names, dates of birth, medical or financial data is made easy by various systems. But do you really need this data? Take a good look at whether the information you collect and store is relevant to your work and business processes.

Delete (sensitive) data you no longer need

The use of various systems usually means that information is stored automatically. You may be storing much more sensitive data than you actually need for your work. Take a good look at whether personal data of former customers, payment dates, or login details from the past are useful to store.

Consciously grant access to sensitive data

If it is necessary to give certain employees access to sensitive data, think this through carefully in advance. Keep track of which employee has access to which type of information and whether they need it to do their work.

Limit the number of places where you store sensitive data

If you are dealing with sensitive data, secure it well and store it in as few places as possible. You reduce the risk of unintentional data leaks if you store such information centrally, grant employees selective access, and keep track of which information is available to whom. Do not forget to make regular backups and to keep systems up to date.

Use prevention software

Even when employees are well trained, mistakes can happen. In addition to a tight security mindset, you can also use Data Loss Prevention (DLP) software. DLP software detects potential data breaches by monitoring, detecting, and blocking sensitive data. For example, when using DLP software, you can classify and manage critical information. Unauthorised end users then cannot, accidentally or with malicious intent, access the data or share it with third parties.

Other measures

The use of other security measures, such as regular pen-testing of software, antivirus and malware protection, strong passwords, and patching, can also reduce the risk of a data breach. But to keep data breaches to a minimum, it is crucial that employees are constantly trained and aware of the risks.

Questions relating to this article?

Please contact Digital Trust Center